Child pages
  • S2-034

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible DoS attack

Maximum security rating

Important

Recommendation

This issue was resolved by publising new OGNL version, any Struts version which at least is using OGNL 3.0.12 is safe.

Affected Software

Struts 2.0.0 - Struts 2.3.24.1

Reporters

Tao Wang wangtao12 at baidu dot com - Baidu Security Response Center

CVE Identifier

CVE-2016-07853093

Problem

The OGNL expression language used by the Apache Struts framework has inproper implementaion of cache used to store method references. It's possible to prepare a DoS attack which can block access to a web site.

...